Latest articles

In data protection regulation since the 1980s, accountability has been used in the sense that the ‘data controller’ is responsible for complying with particular data protection legislation and, in most cases, is required to establish systems and processes which aim at ensuring such compliance. This paper assesses this notion in the context of cloud computing, and describes how better and more systematic accountability might be provided.

Accountability becomes a necessary principle for future computer systems. This is specially critical for the cloud and Web applications that collect personal and sensitive data from end users. Accountability regards the responsibility and liability for the data handling performed by a computer system on behalf of an organization. In case of misconduct (e.g. security breaches, personal data leaks, etc.), accountability should imply remediation and redress actions.

In this paper we propose an approach for enhanced data protection in the cloud, based upon accountability governance. Specifically, the relationships between accountability, risk and trust are analyzed in order to suggest characteristics and means to address data governance issues involved when organizations or individuals adopt cloud computing. This analysis takes into account insights from a variety of stakeholders within cloud ecosystems obtained by running an elicitation workshop.

Accountability provides the necessary assurance to different stakeholders (customers, auditors, regulators) about the correct execution of the obligations concerning compliance requirements. Modeling accountability in a business process is an important problem, as SOA is the generally accepted standard for IT systems. This requires the orchestration of several non-functional concerns across services (such as authentication, authorization, logging, among others) to attest the correct operation of control activities.

The right to data protection is a highly developed area of law in Europe. At the same time cloud technology has become a routine part of the European citizens' digital life. One relevant development is medical sensor networks, which are seeing increased use for monitoring health and well-being for e.g. of elderly people living at home. The large amount of data generated by such sensors indicates that it would be suitable to employ a cloud-based solution for processing and storage, but since the sensor data represent sensitive personal data, there are many challenges that must be addressed.

The OAuth 2 web authorization framework allows services to act on behalf of users when interacting with other services. It avoids sharing username and passwords across services, thus, in principle protecting users from several threats. However, it is known that the implementation of this kind of authorization protocol is tricky, and potentially leads to vulnerable web services. In this paper we present a toolkit for Java-based Cloud platforms which facilitates the deployment of the OAuth 2 authorization framework into existing web services.

Accountability is an important but complex notion that encompasses the obligation to act as a responsible steward of the personal information of others, to take responsibility for the protection and appropriate use of that information beyond mere legal requirements and to provide remediation. This notion is increasingly seen as key in easing business constraints in global environments and in helping overcome barriers to cloud service adoption.

Existing approaches to the adaptation of workflows over Web services fall short in two respects. First, they only provide, if ever, limited means for taking into account the execution history of a workflow. Second, they do not support adaptations that require modifications not only at the service composition level but also at the levels of interceptors and service implementations.

Modeling and simulation as a service and its difference from software as a service is explained. The literature on trust and risk for cloud service mashups are surveyed. A joint trust and risk model is intro-duced for MSaaS federations. The model is based on historic data related not only security incidents but also performance records. Negative and positive performances are differentiated and the freshness of the historic data are taken into account in the model. A numerical analysis by using the model through Monte-Carlo simulation is also provided.

Accountability has emerged as a critical concept related to data protection in cloud ecosystems. It is necessary to maintain chains of accountability across cloud ecosystems. This is to enhance the confidence in the trust that cloud actors have while operating in the cloud. This paper is concerned with accountability in the cloud. It presents a conceptual model, consisting of attributes, practices and mechanisms for accountability in the cloud. The proposed model allows us to explain, in terms of accountability attributes, cloud-mediated interactions between actors.